The question that many have had on their minds is if mobile devices will become a source of DDoS attacks. Whether mobile phones will be used as zombies is currently under speculation by many researchers, who say “It may be imminent.”

It can be figured due to the amount of trojans found on Android devices, how iOS devices got attacked, and Windows Phone being vulnerable. Trojans are masks that cover an legitimate looking program. Basically, a program appears to be legitimate, but has hidden features to do something different. Most of the time, either the trojan will steal data and mine some cash, or use your computer as a zombie (using your resources such as CPU, RAM, etc.) to launch a DDoS attack.

A distributed denial of service is used to cause a server to take too many requests that it cannot handle. This is usually done by blackhat hackers or cybercriminals to either protest a specific ideal, or just for fun.

A highly used DDoS tool by Anonymous called “Low Orbit Ion Cannon” (LOIC) was recently redesigned for use on the Android platform. The porting over to Android from the Desktop app took no programming skills. In fact, it’s easy to use old tools and port them over to Android.

With device manufacturers slowly releasing updates to device operating system, firmware, etc. – this leaves an open hole for exploit/cyberattack. Android is particularly vulnerable because of the ability to use ‘unknown source’ apps, or apps outside of the Google Play store.

Although, if it is thought out, it would take thousands of devices to be able to have the power to construct a DDoS attack. However, this would make it a lot simpler for a pre-constructed attack, that can come from many countries – thus making it hard to trace the origin of the attack(s).

It is sure that as carriers and app developers are distributing e-wallet apps, the ability to rob personal data, credit card, etc. will increase. Heads up!

Share this:

Like this:

The Hongkong and Shanghai Banking Corporation, also known as HSBC, was the next victim of a distributed denial-of-service attack (DDoS), making it impossible for customers to conduct their Internet banking services.

On 18 October 2012 HSBC servers came under a denial of service attack which affected a number of HSBC websites around the world.

This denial of service attack did not affect any customer data, but did prevent customers using HSBC online services, including internet banking.

We are taking appropriate action, working hard to restore service. We are pleased to say that some sites are now back up and running.

We are cooperating with the relevant authorities and will cooperate with other organisations that have been similarly affected by such criminal acts.

We apologise for any inconvenience caused to our customers throughout the world.

The update on its website stated, “HSBC restored all of its websites globally to full accessibility as of 11:00 PM EST time last night. ”

DDoS attacks, conducted by cyber criminals, are a means of controlling a certain number of computers to target a single or group of Internet servers, in attempts to overload them. This in turn, causes the server to shutdown, or discontinue its service until the load wears down.

This is only one of the few latest DDoS attacks on corporations or government entities.

Like this:

US Senator Joe Lieberman blamed Iran for the attacks against US banks last Friday, with thoughts that Iran did so out of revenge for the Stuxnet case. The victims of last week’s attacks included Bank of America and JPMorgan Chase. Although not attacked, speculation is that CitiGroup has been a target over the past year. All of these denial of service campaigns seemed to have begun in late 2011.

In C-SPAN’s taping of “Newsmakers,” Lieberman labeled the recent DDoS attacks against the banks a “powerful example of our vulnerability”.

Now, from the perspective of Lieberman, it makes sense to make such claims. When we reported in June about a potential US and Israeli connection for malwares like Flame and Stuxnet, labeled “Operation Olympic Games”, we saw the counterattack that continued cyberwarfare between Iran and the US (as well as other countries). This could be just one of possibly many counterattacks from Iran, and it’s going to be quite dangerous to companies that are vulnerable to cyberattack.

Cyberattacks will continue with DDoS and other hacks, and it could target almost any major organization around the world. The main idea is to craft the correct cybersecurity strategies, and be aware of any attack vectors (like if there are too many people trying to hack in to the networks). It’s important to learn from issues like this, and be able to adapt the latest strategies for businesses. Which means: If you don’t have a director for information security at your major company, it’s about time to get one and soon!

Keep all of your devices FULLY safe from hackers:

Share this:

Like this:

The ZeroAccess rootkit, some know as Sirefef, has grown its command and control servers over the past year. Now, it has spanned all around the globe to infect up to 9 million PCs. It’s botnet started growing rapidly once it hit one million infections, and now has multiplied it by 9.

Like the new TDL4 variant, it can create its own hidden partition, which can be problematic for PC users, especially because it normally is unknown that a hidden partition exists. Tools like TDSSKiller, though, can see through its disguise. There are two total botnets, each for a 32-bit and 64-bit version (totaling 4 botnets), and usually distributed by exploits.

Fast facts:

The latest versions seem to have no kernel mode components, therefore they do not infect drivers like previously did. It instead uses usermode components and drops their own GUID (CLSID) in the following locations:

c:\windows\installer\{GUID STRING}

c:\users\<user>\AppData\Local\{GUID STRING}

C:\Windows\System32\config\systemprofile\AppData\Local\{GUID STRING}

C:\RECYCLER\S-x-x-x\${RANDOM STRING}

It also parks its own infections in these locations:

C:\Windows\assembly\GAC\Desktop.ini

If on x64: c:\windows\assembly\GAC_32\Desktop.ini AND c:\windows\assembly\GAC_64\Desktop.ini

Infects c:\windows\system32\services.exe

For the ports that it uses for each version of the botnet:

Port numbers 16464 and 16465 are used by one botnet for both 32 and 64 bit platforms.

Post numbers 16470 and 16471 are used by the other botnet for both platforms.

Share this:

Like this:

Go Daddy is finishing recovering from what appears to be a corruption in its router tables. Yesterday, Anonymous blabbered quickly that they had constructed a DDoS attack on GoDaddy.com, causing its servers from being inaccessible from 10 a.m.-4 p.m. PDT. However, Go Daddy CEO claims it’s not true:

The service outage was not caused by external influences. It was not a “hack” and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.

Go Daddy tweeted the following yesterday during this issue:

Status Alert: Hey, all. We’re aware of the trouble people are having with our site. We’re working on it.

Share this:

Like this:

Two former members of the crazy, disgruntled group, LulzSec, plead guilty this morning to conspiracy charges for a spree of hacks on US & UK government/corporate servers. Ryan Cleary, 20, and Jake Davis, 19, were held under the conspiracy charges.

Share this:

Like this:

Ryan Cleary (not to be confused with the Canadian politician), British citizen, has been indicted on charges of running botnets to DDoS major US corporations, such as Sony Pictures Entertainment, Fox Entertainment Group, etc.

According to IDG, Cleary was arrested in June 2011 at his home in Wickford, England, for allegedly taking part in the DDOS attacks against Britain’s Serious Organised Crime Agency. It is said if he is convicted, he could face up to 25 years in prison.